-
Notifications
You must be signed in to change notification settings - Fork 80
/
scanner.go
206 lines (187 loc) · 5.32 KB
/
scanner.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
// Package dpkg implements a package indexer for dpkg packages.
package dpkg
import (
"archive/tar"
"context"
"crypto/md5"
"encoding/hex"
"errors"
"fmt"
"io"
"path/filepath"
"runtime/trace"
"strings"
"github.com/rs/zerolog"
"github.com/tadasv/go-dpkg"
"github.com/quay/claircore"
"github.com/quay/claircore/internal/indexer"
)
const (
name = "dpkg"
kind = "package"
version = "v0.0.1"
)
var (
_ indexer.VersionedScanner = (*Scanner)(nil)
_ indexer.PackageScanner = (*Scanner)(nil)
)
// Scanner implements the scanner.PackageScanner interface.
//
// This looks for directories that look like dpkg databases and examines the
// "status" file it finds there.
//
// The zero value is ready to use.
type Scanner struct{}
// Name implements scanner.VersionedScanner.
func (ps *Scanner) Name() string { return name }
// Version implements scanner.VersionedScanner.
func (ps *Scanner) Version() string { return version }
// Kind implements scanner.VersionedScanner.
func (ps *Scanner) Kind() string { return kind }
// Scan attempts to find a dpkg database within the layer and read all of the
// installed packages it can find in the "status" file.
//
// It's expected to return (nil, nil) if there's no dpkg database in the layer.
//
// It does not respect any dpkg configuration files.
func (ps *Scanner) Scan(ctx context.Context, layer *claircore.Layer) ([]*claircore.Package, error) {
// Preamble
defer trace.StartRegion(ctx, "Scanner.Scan").End()
trace.Log(ctx, "layer", layer.Hash.String())
log := zerolog.Ctx(ctx).With().
Str("component", "dpkg/Scanner.Scan").
Str("version", ps.Version()).
Str("layer", layer.Hash.String()).
Logger()
ctx = log.WithContext(ctx)
log.Debug().Msg("start")
defer log.Debug().Msg("done")
// Grab a handle to the tarball, make sure we can seek.
// If we can't, we'd need another reader for every database found.
// It's cleaner to just demand that it's a seeker.
rd, err := layer.Reader()
if err != nil {
return nil, fmt.Errorf("opening layer failed: %w", err)
}
defer rd.Close()
r, ok := rd.(io.ReadSeeker)
if !ok {
err := errors.New("unable to coerce to io.Seeker")
return nil, fmt.Errorf("opening layer failed: %w", err)
}
tr := tar.NewReader(r)
// This is a map keyed by directory. A "score" of 2 means this is almost
// certainly a dpkg database.
loc := make(map[string]int)
Find:
for {
h, err := tr.Next()
switch err {
case nil:
case io.EOF:
break Find
default:
return nil, fmt.Errorf("reading next header failed: %w", err)
}
switch filepath.Base(h.Name) {
case "status", "available":
if h.Typeflag == tar.TypeReg {
loc[filepath.Dir(h.Name)]++
}
}
}
log.Debug().Msg("scanned for possible databases")
// If we didn't find anything, this loop is completely skipped.
var pkgs []*claircore.Package
for p, x := range loc {
if x != 2 { // If we didn't find both files, skip this directory.
continue
}
log := log.With().
Str("database", p).
Logger()
log.Debug().Msg("examining package database")
// Reset the tar reader.
if n, err := r.Seek(0, io.SeekStart); n != 0 || err != nil {
return nil, fmt.Errorf("unable to seek reader: %w", err)
}
tr = tar.NewReader(r)
// We want the "status" file, so search the archive for it.
fn := filepath.Join(p, "status")
var db io.Reader
var h *tar.Header
for h, err = tr.Next(); err == nil; h, err = tr.Next() {
if h.Name == fn {
db = tr
break
}
}
// Check what happened in the above loop.
switch {
case errors.Is(err, io.EOF):
return nil, nil
case err != nil:
return nil, fmt.Errorf("reading status file from layer failed: %w", err)
case db == nil:
log.Error().
Str("filename", fn).
Msg("unable to get reader for file")
panic("file existed, but now doesn't")
}
// Take all the packages found in the database and attach to the slice
// defined outside the loop.
found := make(map[string]*claircore.Package)
for _, pkg := range dpkg.NewParser(db).Parse() {
p := &claircore.Package{
Name: pkg.Package,
Version: pkg.Version,
Kind: "binary",
Arch: pkg.Architecture,
PackageDB: fn,
}
if pkg.Source != "" {
p.Source = &claircore.Package{
Name: pkg.Source,
Kind: "source",
// Right now, this is an assumption that discovered source
// packages relate to their binary versions. We see this in
// Debian.
Version: pkg.Version,
PackageDB: fn,
}
}
found[p.Name] = p
pkgs = append(pkgs, p)
}
// Reset the tar reader, again.
if n, err := r.Seek(0, io.SeekStart); n != 0 || err != nil {
return nil, fmt.Errorf("resetting tar reader failed: %w", err)
}
tr = tar.NewReader(r)
prefix := filepath.Join(p, "info")
const suffix = ".md5sums"
for h, err = tr.Next(); err == nil; h, err = tr.Next() {
if !strings.HasPrefix(h.Name, prefix) || !strings.HasSuffix(h.Name, suffix) {
continue
}
n := filepath.Base(h.Name)
n = strings.TrimSuffix(n, suffix)
if i := strings.IndexRune(n, ':'); i != -1 {
n = n[:i]
}
hash := md5.New()
if _, err := io.Copy(hash, tr); err != nil {
log.Warn().
Err(err).
Str("package", n).
Msg("unable to read package metadata")
continue
}
found[n].RepositoryHint = hex.EncodeToString(hash.Sum(nil))
}
log.Debug().
Int("count", len(found)).
Msg("found packages")
}
return pkgs, nil
}